Turning off your Bluetooth and Wi-Fi radios when you’re not using them is good security practice (not to mention good for your battery usage). When you consider Bluetooth’s known vulnerabilities, it’s especially important to make sure your Bluetooth and Wi-Fi settings are doing what you want them to. The iPhone’s newest operating system, however, makes it harder for users to control these settings.

On an iPhone, users might instinctively swipe up to open Control Center and toggle Wi-Fi and Bluetooth off from the quick settings. Each icon switches from blue to gray, leading a user to reasonably believe they have been turned off—in other words, fully disabled. In iOS 10, that was true. However, in iOS 11, the same setting change no longer actually turns Wi-Fi or Bluetooth “off.”

Instead, what actually happens in iOS 11 when you toggle your quick settings to “off” is that the phone will disconnect from Wi-Fi networks and some devices, but remain on for Apple services. Location Services is still enabled, Apple devices (like Apple Watch and Pencil) stay connected, and services such as Handoff and Instant Hotspot stay on. Apple’s UI fails to even attempt to communicate these exceptions to its users.

It gets even worse. When you toggle these settings in the Control Center to what is best described as "off-ish," they don’t stay that way. The Wi-Fi will turn back full-on if you drive or walk to a new location. And both Wi-Fi and Bluetooth will turn back on at 5:00 AM. This is not clearly explained to users, nor left to them to choose, which makes security-aware users vulnerable as well.

The only way to turn off the Wi-Fi and Bluetooth radios is to enable Airplane Mode or navigate into Settings and go to the Wi-Fi and Bluetooth sections.

When a phone is designed to behave in a way other than what the UI suggests, it results in both security and privacy problems. A user has no visual or textual clues to understand the device's behavior, which can result in a loss of trust in operating system designers to faithfully communicate what’s going on. Since users rely on the operating system as the bedrock for most security and privacy decisions, no matter what app or connected device they may be using, this trust is fundamental.

In an attempt to keep you connected to Apple devices and services, iOS 11 compromises users' security. Such a loophole in connectivity can potentially leave users open to new attacks. Closing this loophole would not be a hard fix for Apple to make. At a bare minimum, Apple should make the Control Center toggles last until the user flips them back on, rather than overriding the user’s choice early the next morning. It's simply a question of communicating better to users, and giving them control and clarity when they want their settings off—not “off-ish.”
